Just to show that I haven’t been twiddling my thumbs all this time, I thought I’d post what I have so far on the forum script I’ve been working on. Last Monday, I posted the updated database SQL.
Now there are 12 tables in all. I forgot to include the “usersgroups” table and now there’s a “floodcheck” table as well. Originally, I planned to use a purely cookie or session based check for flooding, but these can be easily spoofed. Flood checking will now take place in the database class.
I’ve written up the basics on Database.class.php (the parent class for all database abstraction), MySQL.class.php, config.php (I’ve finalised on the presets) and index.php, but this should give you an idea of where I’m going with this.
Note: The license is MIT, but this is only because Google Code doesn’t allow the ISC license or Public Domain dedications at this time. I plan to release a separate version of the code (functionally identical to this one) without any license and with my usual disclaimer.
WARNING: This code is highly experimental and will contain omissions, exceptions and egregious coding errors. This is just a progress update, so please feel free to treat it as such.
For some reason the sourcecode formatting puts the empty() function twice as, “emptyempty”. This is a WordPress formatting issue. The plain version doesn’t have the double entry.
/**
* Core class.
* Used for core forum functions, formatting and security.
*
* @author Eksith Rodrigo
* @package Core
* @access public
* @version 0.1
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
final class Core
{
static private $instance; // Singleton instance for this class
private $cookies; // Boolean to hold cookie capability (true/false)
private $props; // Presets array passed during object construction
private $db; // Database object passed during object construction
/**
* Core constructor.
* This is a private function. Use "getInstance" below to get a fresh object.
*
* @param array $p the presets in the core passed by reference.
* @param object $d the database object (MySQL, SQLite et al) passed by reference.
*/
private function __construct(&$p, &$d)
{
$props = $p;
$db = $d;
$cookies = $this->cookiesEnabled();
}
/**
* Singleton instance.
*
* @param array $p The presets in the core passed by reference.
* @param object $d The database object (MySQL, SQLite et al) passed by reference.
* @return object Core Singleton instance
*/
static function getInstance(&$p, &$d)
{
if(!isset(self::$instance))
self::$instance = new Core($p, $d);
return self::$instance;
}
/******************************************************************************
Posting status and user input
******************************************************************************/
/**
* Checks if user is currently browsing the index page.
*
* @return bool true If on the index page. Defaults to false.
*/
public function browsingIndex()
{
if(!isset($_GET['forum']) && !isset($_GET['topic']) && !isset($_GET['page']) && !isset($_GET['section']))
return true;
return false;
}
/**
* Checks if user is currently browsing a specific forum.
*
* @return bool true If on a forum page. Defaults to false.
*/
public function browsingForum()
{
if(isset($_GET['forum']) && !isset($_GET['topic']) && !isset($_GET['section']))
return true;
return false;
}
/**
* Checks if user is currently browsing a specific topic.
*
* @return bool true If on a topic page. Defaults to false.
*/
public function browsingTopic()
{
if(isset($_GET['forum']) && isset($_GET['topic']) && !isset($_GET['section']))
return true;
return false;
}
/**
* Checks if user is currently browsing a specific section. I.E. Plugin module.
*
* @return bool true If on a section page. Defaults to false.
*/
public function browsingSection()
{
if(!isset($_GET['forum']) && !isset($_GET['topic']) && isset($_GET['section']))
return true;
return false;
}
/**
* Gets the current page index.
*
* @return int $p Filtered output defaults to 1 (first page).
*/
public function currentPage()
{
$p = 1;
if(isset($_GET['page']))
$p = $this->getDefaultInt($_GET['page'], 1);
return $p;
}
/**
* Status: Posting a new forum topic.
*
* @return bool true If $_POST array key "forum" is present and "topic" is absent. Defaults to false.
*/
public function postingNewTopic()
{
if(isset($_POST['forum']) && !isset($_POST['topic']))
return true;
return false;
}
/**
* Status: Posting a new topic reply.
*
* @return bool true If $_POST array keys "forum" and "topic" are present. Defaults to false.
*/
public function postingNewReply()
{
if(isset($_POST['forum']) && isset($_POST['topic']))
return true;
return false;
}
/**
* Status: User is attempting to login.
*
* @return bool true If $_POST array keys "username" and "password" are present. Defaults to false.
*/
public function checkLogin()
{
if(isset($_POST['username']) && isset($_POST['password']))
return true;
return false;
}
/**
* Status: User is attempting to login.
*
* @return bool true If $_GET array keys "logout" is set and the "user" session is present. Defaults to false.
*/
public function checkLogout()
{
if(isset($_GET['logout']) && !isset($_GET['login']) && isset($_SESSION['user']))
return true;
return false;
}
/**
* Gets the currently requested forum ID.
* Priority is given to the $_POST "forum" key.
*
* @return int $f_id Filtered output defaults to 0 (no forum requested).
*/
public function postForumID()
{
$f_id = 0;
if(isset($_POST['forum']))
$f_id = $this->getDefaultInt($_POST['forum'], 0);
elseif(isset($_GET['forum']))
$f_id = $this->getDefaultInt($_GET['forum'], 0);
return $f_id;
}
/**
* Gets the currently requested topic ID.
* Priority is given to the $_POST "topic" key.
*
* @return int $t_id Filtered output defaults to 0 (no topic requested).
*/
public function postTopicID()
{
$t_id = 0;
if(isset($_POST['topic']))
$t_id = $this->getDefaultInt($_POST['topic'], 0);
elseif(isset($_GET['topic']))
$t_id = $this->getDefaultInt($_GET['topic'], 0);
return $t_id;
}
/**
* Gets the currently requested parent (topic or forum) ID.
* Priority is given to the $_POST "parent" key.
*
* @return int $p_id Filtered output defaults to 0 (no parent item requested).
*/
public function postParentID()
{
$p_id = 0;
if(isset($_POST['parent']))
$p_id = $this->getDefaultInt($_POST['parent'], 0);
elseif(isset($_GET['parent']))
$p_id = $this->getDefaultInt($_GET['parent'], 0);
return $p_id;
}
/**
* Gets the posted subject title form field data.
*
* @return string $_t Filtered output defaults to '' (blank string).
*/
public function postTitle()
{
$_t = '';
if(isset($_POST['title']))
$_t = $this->getDefaultString($_POST['title'], '');
return $_t;
}
/**
* Gets the posted content data (message body) form field data.
*
* @return string $_c Filtered output defaults to '' (blank string).
*/
public function postContent()
{
$_c = '';
if(isset($_POST['content']))
$_c = $this->getDefaultHtml($_POST['content'], '');
return $_c;
}
/**
* Gets the posted author name form field data
*
* @return string $_a Filtered output defaults to '' (blank string).
*/
public function postAuthor()
{
$_a = '';
if(isset($_POST['author']))
$_a = $this->getDefaultString($_POST['author'], '');
return $_a;
}
/**
* Gets the posted author email form field data.
*
* @return string $_e Filtered output defaults to '' (blank string).
*/
public function postEmail()
{
$_e = '';
if(isset($_POST['email']))
$_e = $this->getDefaultString($_POST['email'], '');
return $_e;
}
/**
* Gets a database compatible datetime stamp.
*
* @return date Current date time in "Year-Month-Date Hour:Minute:Second" format.
*/
public function postDate() {
return date('Y-m-d H:i:s');
}
/******************************************************************************
User status and identity
******************************************************************************/
/**
* Gets user data into variables passed by reference.
*
* @deprecated This function is deprecated in favor of the one with fewer parameters below it
* @see function getUserDataArray.
*
* @param int $userID user ID key. Defaults to 0 on error
* @param string $user username. Defaults to '' on error
* @param array $priv user privileges. Defaults to empty array on error
* @param int $msgID message ID key. Defaults to 0 on error
* @param string $exc error message text.
*/
public function getUserData(&$userID, &$user, &$priv, &$msgID, &$exc)
{
try
{
$raw = explode('::', $this->loggedInUser());
list($userID, $user, $msgID) = explode(',' $raw[0]);
$priv = $this->getPrivileges($raw[1]);
// Filter everything
$userID = $this->getDefaultInt($userID, 0);
$user = $this->getDefaultString($user, '');
$msgID = $this->getDefaultInt($msgID, 0);
}
catch (Exception $exc)
{
$userID = 0;
$user = '';
$priv = array();
$msgID = 0;
}
}
/**
* Gets user data as an array.
*
* @param array $data user data (id, name, privileges, messageID). Defaults to error message on exception.
* @return array|string Array with user data if successful or exception message as string on error.
*/
public function getUserDataArray()
{
$data = null;
try
{
$raw = explode('::', $this->loggedInUser());
// First part of "raw" (user info)
list($userID, $user, $msgID) = explode(',' $raw[0]);
$data = array(
"id" => $userID,
"username" => $this->getDefaultString($user, ''),
"messageID" = $this->getDefaultInt($msgID, 0),
"privileges" => $this->getPrivileges($raw[1]) // Second part of "raw" (privileges)
);
}
catch (Exception $exc)
{
$data = $exc;
}
return $data;
}
/**
* Saves user data into session and cookies.
*
* @deprecated This function is deprecated in favor of the one with fewer parameters below it.
* @see function setUserDataArray
*
* @param int $userID Unique user key
* @param string $name Username
* @param array $priv Designated user parameters
* @param int msgID Display message number
*/
public function setUserData(&$userID, &$user, &$msgID, &$priv)
{
$data = $this->encrypt($userID . ',' . $user . ',' . $msgID . '::' . implode('', $priv));
// Destroy and restart the current session
session_regenerate_id(true);
$_SESSION['user'] = $data;
if($cookies)
setcookie("user", $data);
}
/**
* Saves user data into session and cookie
*
* @param array $info Raw user data including id, name, message ID and privileges array
*/
public function setUserDataArray(&$info)
{
list($userID, $user, $msgID, $priv) = $info;
$data = $this->encrypt($userID . ',' . $user . ',' . $msgID . '::' . implode('', $priv));
// Destroy and restart the current session
session_regenerate_id(true);
$_SESSION['user'] = $data;
if($cookies)
setcookie("user", $data);
}
/**
* Check if user can support cookies
*
* @return bool $cookies True if cookies are enabled by the browser, false if else
*/
public function cookiesEnabled()
{
if(empty($cookies))
{
setcookie("cookies", time());
if(isset($_COOKIE["cookies"]))
{
$cookies = true;
unset($_COOKIE["cookies"]);
}
else
{
$cookies = false;
}
}
return $cookies;
}
/**
* Check if user has a valid login session or saved cookie
*
* @return string $ret Formatted string pattern containing user ID, name, display name message ID and privilege flags
*/
public function loggedInUser()
{
// Prevent hijack
if(!isset($_SESSION['user']))
session_regenerate_id();
$ret = null;
if(isset($_SESSION['user']))
$ret = $this->decrypt($_SESSION['user']);
elseif(isset($_COOKIE["user"]))
$ret = $this->decrypt($_COOKIE['user']);
else
$ret = '0,0,0::000000000000000000000';
return $ret;
}
/**
* Authenticates user based on posted username and password form fields
*
* @return bool true If authentication went without problems. Defaults to false.
*/
public function login()
{
// Make sure the current user is logged out first
if(isset($_SESSION['user']) || isset($_COOKIE['user']))
$this->logout();
if(isset($_POST['username']) && isset($_POST['password']))
{
$username = $this->getDefaultString($_POST['username'], '');
$password = $this->getDefaultString($_POST['password'], '');
// Invalid or empty form data
if(empty($username) || empty($password))
return false;
// Connect to database and get user by name
$data = $db->getLoginData($username);
// User doesn't exist
if(empty($data))
return false;
// Verify returned authentication data
$encPass = $this->decrypt($data['pass']);
$encSalt = $this->decrypt($data['salt']);
// Password matches, login the user and return true
if(str_replace($encSalt, '', $encPass) == $password)
{
$udata = array($data['id'], $username, 0, implode('', $data['priv']));
$this->setUserDataArray($udata);
return true;
}
}
return false;
}
/**
* Logout by removing 'user' session and cookie data.
*/
public function logout()
{
if(isset($_SESSION['user']))
$_SESSION['user'] = null;
if(isset($_COOKIE['user']))
unset($_COOKIE['user']);
// Just to be sure
session_regenerate_id();
}
/**
* Puts user privileges into an array
*
* @param string $priv User privilegs flags 21 characters in length (0/1)
* @return array $privileges User privileges sorted into readable array
*/
public function getPrivileges(&$priv)
{
// Initial array with no privileges
$privileges = array(
"CanReply" => 0,
"CanCreateTopics" => 0,
"CanUsePM" => 0,
"CanReplyReadOnlyForums" => 0,
"CanCreateTopicsReadOnlyForums" => 0,
"CanEditOwnPosts" => 0,
"CanDeleteOwnPosts" => 0,
"CanEditOthersPosts" => 0,
"CanDeleteOthersPosts" => 0,
"CanMoveTopics" => 0,
"CanLockTopics" => 0,
"CanCreateForums"= 0,
"CanEditForums" => 0,
"CanDeleteForums" => 0,
"CanCreateUsers"= 0,
"CanBanUsers"= 0,
"CanEditUsers"= 0,
"CanDeleteUsers"= 0,
"CanCreateGroups"= 0,
"CanEditGroups"= 0,
"CanDeleteGroups"= 0
);
// Get array from privileges string
$pr = explode('', $priv);
// If the initial array has appropriate number of flags
if(count($pr) == 21) {
// Get secured values back to privileges from source array
$this->filterPushToArray("int", $pr, $privileges);
}
return $privileges;
}
/**
* Utility function to reset default values in an array with filtered data.
* Arrays are passed by reference.
*
* @param string $type Content type to return. Values "html", "string", "int".
* @param int $count The number of items to iterate through.
* @param array $source The raw array containing unfiltered data.
* @param array $source Sorted destination array with filtered data.
*/
public function filterPushToArray($type, $count, &$source, &$dest)
{
$type = strtolower($type);
$i = 0;
// Iterate through each key and insert corresponding source array value
foreach($dest as $key => $value)
{
// Get filtered content based on type
switch($type)
{
case "html":
$dest[$key] = $this->getDefaultHtml($source[i], $value);
break;
case "string":
$dest[$key] = $this->getDefaultString($source[i], $value);
break;
case "int":
$dest[$key] = $this->getDefaultInt($source[i], $value);
break;
}
$i++;
}
}
/******************************************************************************
Formatting and presentation functions
******************************************************************************/
/**
* Converts topic titles into usable URLs.
* Will be used along with IDs.
*
* @param string $str The raw title
* @return string $str The cleaned up title with special characters removed
*/
public function titleToSlug($str)
{
$str = preg_replace('/[~`!\@#\$\%\^\&\*\(\)\-\_\+={}\[\]\|:;\"\'\< \>\?,.\\\/\s+]/imu', '', $str);
return strtolower($str);
}
/**
* Check if CAPS are below a percent threshold.
* This function is for improving readability by enforcing caps limits.
*
* @param string $str The posted content
* @param int $limit The threshold limit in percent
* @return bool true If the amout of CAPS matches are below the limit, else returns false.
*/
public function capsCheck($str, $limit)
{
$percent = round(($limit / 100) * strlen($str));
preg_match_all('/[A-Z]/', $str, $matches);
return ((count($matches[0]) >= $percent) ? true : false);
}
/**
* Truncates strings to specified limit and return with ellipse
* This function is for improving readability by limiting titles or summary lengths.
*
* @param string $str The posted content
* @param int $limit The threshold limit in number of maximum characters. Default is 100.
* @return string $str Formatted text limited to specified length and followed by '...' .
*/
public function stringTrunc($str, $limit = 100)
{
if (strlen($str) < = $limit)
return $str;
return substr_replace($string, '...', ($limit - strlen($str)));
}
/******************************************************************************
Url authentication and flood limit
******************************************************************************/
/**
* Verify a certain amount of time has passed between requests
* Prevents abuse by checking for flood/DoS or forced entry attempts.
*
* @deprecated This function is deprecated in favor of a purely database based approach
*
* @param int $limit The threshold limit in time format.
* @return bool true If sufficient time has passed between requests or false if it has not.
*/
public function floodLimit($limit)
{
$req = $this->postDate();
if(isset($_SESSION['req']) || isset($_COOKIE['req']))
{
$sreq = (isset($_SESSION['req']))? strtotime($_SESSION['req']) : $req;
$creq = (isset($_COOKIE['req']))? strtotime($_COOKIE['req']) : $req;
// Compare and get the most recent time
if($sreq < $creq)
$sreq = $creq;
return ($req < ($sreq + strtotime($limit)));
}
$_SESSION['req'] = $req;
setcookie('req', $req);
return false;
}
/**
* Authenticate the requested URL as originating from the site homepage
* Prevents outside redirect attempts by comparing the source and destination URLs (site_url)
*
* @param string $req The raw requested URL
* @return bool true If the source and destination URLs match or false if they dont
*/
public function verifyURL($req)
{
if(strtolower($req) == substr(0, (strlen(strtolower($props['site_url'])) - 1)))
return true;
return false;
}
/*****************************************************************************************************
Sanitized input
*****************************************************************************************************/
/**
* Allow only text. HTML escaped if necessary, output unicode.
* Prevents malicious or accidental HTML tags from being posted. Formatted strings only.
*
* @param string $v The content to be checked.
* @return string $v|$d Verified and formatted content as $v or default, $d, if $v is invalid or empty.
*/
public function getDefaultString($v, $d)
{
$v = (empty($v) && (strtolower($v) != 'false') && ($v != '0'))? $d : $v;
return htmlentities(iconv('UTF-8', 'UTF-8', $v), ENT_QUOTES, 'UTF-8');
}
/**
* Allow only numbers, specifically, integers. No strings and/or HTML allowed.
* Prevents any value other than an integer from being sent.
*
* @param string $v The content to be checked.
* @return int $v|$d Verified $v if it is an integer or default, $d, if $v is invalid.
*/
public function getDefaultInt($v, $d)
{
return (!ctype_digit($v))? $d : $v;
}
/**
* Allow only safe HTML (tags, attributes and attribute values).
* Prevents any value other than those in the presets whitelists from being sent back.
*
* This function needs more work!
*
* @param string $v The content to be checked.
* @return string $v|$d The filtered and formatted allowed HTML as $v or default fallback value, $d, if $v is empty or cannot be parsed.
*/
public function getDefaultHtml($v, $d)
{
// Check if the content isn't empty or we skip all the filtering
$v = (empty($v) && (strtolower($v) != 'false') && ($v != '0'))? $d : $v;
// Content passed empty check
if($v != $d)
{
// Get disallowed attributes from presets
$badattr = implode('|', $props['ui_format_invalid_attributes']);
// Get formatting whitelist
$allowed = implode('|', $props['ui_format_tags']);
// Remove all tags not in the formatting whitelist first, but leave the content inside
$v = preg_replace("!<\s*?(" . $allowed . ").*?>((.*?))?!ismu", "\3", $v);
// Iterate through each allowed tag
foreach($props['ui_format_tags'] as $tag)
{
// Get matched tags in the content
preg_match_all("< \s*?" . $tag[0] . "([^>]+)>!ismu", $v, $matches);
// Allowed tags are present
if(count($matches[0] > 0))
{
// Iterate through each match and filter attributes.
for($i=0; $i < count($matches[0]); $i++)
{
// Get the specified attributes for this tag (The "([^>]+)" part in the above regular expression)
$attr = explode(' ', $matches[1][$i]);
// Filtered replacement
$repl = "";
// Each allowed attribute for this specific tag
for($j=0; $j < count($attr); $j++)
{
$at = strtolower($attr[$j]);
$atm = explode(',', $tag[1]);
// Iterate through each found attribute to see if it's in the allowed list for this tag
// Ignore bad attribute values (I.E. onclick inside "style" attribute)
for($k=0; $k < count(atm); $k++)
{
if(preg_match("!^" . atm[k] . "=\"?[^(" . $badattr . ")]+\"?!ismu", $at))
$repl .= " " . $at;
}
}
// Replace the old tag and attributes with clean ones
$v = str_replace($matches[0][$i], "<". $tag[0] . $repl . ">", $v);
}
}
}
}
return $v;
}
/*****************************************************************************************************
Security and encryption
*****************************************************************************************************/
/**
* Generate a random string with a specific range (for salts etc...)
*
* @param int $min The minimum generated string length
* @param int $max The maximum generated string length
* @param bool $upper Uppercase (capital) letters are required. Defaults to true.
* @param bool $special Special characters (punctuation etc...) are required. Defaults to true.
* @return string $random Generated random string based on specifications.
*/
public function genRandom($min, $max, $upper = true, $spec = true)
{
$charset = "0123456789abcdefghijklmnopqrstuvwxyz";
if($upper)
$charset .= "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
if($spec)
$charset .= "~!@#$%^&*()_+`-={}|\\]?[\":;'><,./";
$l = mt_rand($min, $max);
for($i = 0; $i<$l; $i++) {
$random .= $charset[(mt_rand(0, (strlen($charset)-1)))];
}
return $random;
}
/**
* Encrypt in Rijndael 256 with optional Base64 encoding.
* If Base64 is used during encryption, it must be used again for decryption.
*
* @param string $text The content to be encrypted.
* @param bool $base64 Optional flag for base64 encoding the the final output. Defaults to true.
* @return string Encrypted and optionally encoded string
*/
public function encrypt($text, $base64=true)
{
if($base64)
return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $salt, $text, MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND))));
return trim(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $salt, $text, MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)));
}
/**
* Decrypt as encrypted above in Rijndael 256 with optional Base64 decoding (Default).
* If Base64 is used to encrypt, it must be used again for decryption.
*
* @param string $text The content to be decrypted.
* @param bool $base64 Optional flag for base64 decoding the input first. Defaults to true.
* @return string Decrypted content
*/
public function decrypt($text, $base64=true)
{
if($base64)
return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $salt, base64_decode($text), MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)));
return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $salt, $text, MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)));
}
/*****************************************************************************************************
Software downloading and updating
*****************************************************************************************************/
/**
* Download a specified file to specified destination.
* Used for updating the software or getting special content from a remote server.
* If PHP has been compiled with cURL, it will use that. If not, it will try fopen.
*
* @param string $url Download source location
* @param string $dest Download destination (must be a writable folder)
* @return bool $ret True If everything went OK or false if something went wrong.
*/
public function getFile($url, $dest)
{
$ret = false;
$out = '';
try
{
if(function_exists('curl_init'))
{
// If cURL exists, we can use it
$file = curl_init($url);
curl_setopt($file, CURLOPT_CONNECTTIMEOUT, 3);
curl_setopt($file, CURLOPT_RETURNTRANSFER, true);
curl_setopt($file, CURLOPT_BINARYTRANSFER, true);
$out = curl_exec($file);
// After everything is read, close cURL
curl_close($file);
// Empty if something went wrong
if(empty($out))
$ret = false;
$fo = fopen($dest, 'w');
fwrite($fo, $file);
fclose($fo);
}
else
{
// If cURL doesn't exist, we have to stick to fopen
$file = fopen($url, 'rb');
// Buffer the read file
while(!feof($file))
{
$out .= fread($file, 8192);
}
// Empty if something went wrong
if(empty($out))
$ret = false;
fclose($file);
$fo = fopen($dest, 'w');
fwrite($fo, $out);
fclose($fo);
}
// If the newly created file exists, return true
if(file_exists($dest))
$ret = true;
}
catch
{
// If something went wrong, return false
$ret = false;
}
return $ret;
}
/**
* Extract downloaded files to specified directories.
* Obviously incomplete...
*/
public function pkgExtract($file, $dest)
{
if(function_exists('zip_open'))
{
// Set working path
$path = $props['site_upload_directory'] . 'tmp';
// Extract the file
$pkg = zip_open($path, $file);
// Opening successful
if(is_resource($pkg))
{
while($item = zip_read($pkg))
{
$cpath = $path . dirname(zip_entry_name($item));
$cname = $path . zip_entry_name($item);
}
}
}
}
}
This page intentionally left ugly 
You know, I’d always wondered whether the correct PHPDoc syntax was “@return bool” or “@return boolean”. Thanks for answering that for me…looks like I have a lot of PHPDoc changes to make. :p
This looks like a solid foundation! I should post some of the code I’ve written for my CMS up on my WordPress. Question: how do you get the oh-so-pretty code formatting?
Thank you kind sir!
Aha! The pretty code would be courtesy of the [sourcecode] shortcode. I was annoyed to no end that no one told me about this. It’s almost like a hidden feature that I found out only a week or so ago. So I went back and edited the last few instances I had posted code.
Um… apparently, the formatting isn’t perfect. I just noticed that the “empty()” function is included twice as “emptyempty()”. If you click on “view plain” the error isn’t there. So this is definitely a WordPress bug.
Also corrected some typos.
Haha yeah I noticed that in the brief run-through; since only one of the “empty”s was syntax-highlighted, I figured it was something on the syntax engine end of things. Though I went ahead and bookmarked the project homepage for the highlighting engine…something I can make use of in my CMS. :)
Speaking of the CMS, I came across an interesting development caveat, one for which I’m sure there’s a simple solution but I don’t know it off the top of my head. In designing this thing to be as modular as possible, how does one go about creating unified site templates (fulfilling the whole “view-separate-logic” thing)? It certainly can’t be done the way bulletin boards do it, in having the entire collection of “.tpl” files in a single folder, since one would have to manually add the new .tpl files to each and every template folder when installing a new module into the CMS. I have a few thoughts but wanted to hear yours.
This is one of those problems where I felt the number of “templates” should be minimal.
I.E. Let the template designer decide which modules (forum list, topics list, replies list etc…) should be included…
In my “index.php” :
if($core->browsingIndex()) { $database->Open(); // Get the uppermost forums (nested forums don't exist yet) $forum_list = $database->getForums(0); // The top 15 most recent topics (True). The first 0 means no specific forum. $topics_list = $database->getTopics(0, 0, 15, true); $database->Close(); } if($core->browsingIndex() || $core->browsingForum() || $core->browsingTopic()) { include_once('templates/main.php'); } elseif($core->browsingSection()) { // This could be a plugin specific page... include_once('templates/section.php'); }Now in “main.php”, if the $forum_list array is populated, it will iterate through them. Similarly, the $topics_list will be run through or the $replies_list.
The rest of the template stays identical except in the case of a “section” which could require the whole template to change.
Take a look at the early draft of the main.php template source for a better idea of what I mean and how it will render itself as the index page.
Those two examples were written at two different times, so the content and rendered example may not match exactly.
Hmmm, okay. So forum script… Hmm, what language is that you’re speaking?
Please let me know when my inane comments become too much. Because I will never understand this stuff. I have a brother who teaches university math. When he occasionally tries to tell me about his work, I say things like “Hmmm, okay. So.. what language is that you’re speaking?”
Haah! I tried to teach my mom programming with very mixed results ;)
This script is written in a language called PHP, which is specially designed to run on web pages.
You see the title : “Core.class.php” .
This is the file name. Notice it ends in .php as you would want the server to identify it as a script page.
Much like your computer would recognize .doc as a document or .jpg as an image file etc…
The script is a set of instructions telling the server to process certain user input and present formatted output in return.
I.E. If the user wants to see a specific forum, the following URL could be used.
http://example.com/forum3/
In this case, this is forum #3. Which is the ID of the forum.
The specific forum ID is assigned when you create the forum (as in the earlier SQL example). No two forums have the same ID.
Similarly :
http://example.com/forum3/topic12/
This is a request to see topic #12 inside forum #3.
We also need to specify user privileges, so the above script also has specific actions that a user can execute.
I.E.
Can reply to a post
Can create a topic
Can edit his/her own post etc…
All this control requires a lot of scripting, hence the size of that page ;)
Hope that clears some things up.
Hah! Well, no, but I’ll never understand this stuff. However I certainly appreciate your efforts.
cheers,
Alan